User authentication Terminal Access Controller Access-Control System Plus (TACACS+)
AnywhereUSB® Plus User Guide
340
TACACS+ user configuration
When configured to use TACACS+ support, the AnywhereUSB Plus device uses a remote TACACS+
server for user authentication (password verification) and authorization (assigning the access level of
the user). Additional TACACS+ servers can be configured as backup servers for user authentication.
This section outlines how to configure a TACACS+ server to be used for user authentication on your
AnywhereUSB Plus device.
Example TACACS+ configuration
With TACACS+, users are defined in the server configuration file. On Ubuntu, the default location and
filename for the server configuration file is /etc/tacacs+/tac_plus.conf.
Note TACACS+ configuration, including filenames and locations, may vary depending on your platform
and installation. This example assumes a Ubuntu installation.
To define users:
1. Open the TACACS+ server configuration file in a text editor. For example:
$ sudo gedit /etc/tacacs+/tac_plus.conf
2. Add users to the file using the following format. This example will create two users, one with
admin and serial access, and one with only serial access.
user = user1 {
name ="User1 for AnywhereUSB Plus"
pap = cleartext password1
service = system {
groupname = admin,serial
}
}
user = user2 {
name ="User2 for AnywhereUSB Plus"
pap = cleartext password2
service = system {
groupname = serial
}
}
The groupname attribute is optional. If used, the value must correspond to authentication
groups configured on your AnywhereUSB Plus. Alternatively, if the user is also configured as a
local user on the AnywhereUSB Plus device and the LDAP server authenticates the user but
does not return any groups, the local configuration determines the list of groups. See
Authentication groups for more information about authentication groups. The groupname
attribute can contain one group or multiple groups in a comma-separated list.
3. Save and close the file.
4. Verify that your changes did not introduce any syntax errors:
$ sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P
If successful, this command will echo the configuration file to standard out. If the command
encounters any syntax errors, a message similar to this will display:
To Next Page
Loading...
Need help?
General